This is an example how to do that on a Mac:
sudo keytool -import -noprompt -alias charles-$(date +%Y%m%d%H%M%S) -file "Downloads/charles-ssl-proxying-certificate.pem" -keystore "/Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home/lib/security/cacerts" -storepass changeit
First you need to run charles and enable SSL proxying. The see which JDK is used by your application and add the certificate to the cacerts file:
curl -s http://ssl.charles/ --proxy 127.0.0.1:8888 > cert_file
sudo keytool -import -noprompt -alias charles-$(date +%Y%m%d%H%M%S) \
-file cert_file \
-keystore /Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home/lib/security/cacerts \
First prepare the ubuntu machine by installing vino:
Then hit windows button and look for sharing. Configure the system to allow remote connections with given password.
You also need to disable encryption with:
gsettings set org.gnome.Vino require-encryption false
Then you can access the machine from your Mac with Screen Sharing app with the url
To create a network bridge with netplan you have to create a file
macaddress: <some mac>
Make sure to place a mac address in and replace the interface name enp6s0 with yours.
Then run sudo netplan apply.
The machine gets a new IP from dhcp so make sure you have it configured in your dhcp before or have a local console 😉
Here a simple docker-compose.yml file to get kong community up and running. It is configured to use postgresql that persists data to a local docker volume. All ports are mapped to localhost only and log goes to stdout/stderr.
test: 'echo "select 1" | psql -U kong kong || exit 1'
# uncomment following line to run migrations for a new database
# command: kong migrations up -v
test: 'curl -f http://localhost:8001/status || exit 1'
Attention: The kong container fails to start unless migrations are not run on the connected database. To do this simply uncomment the marked line and start the containers. With the command set the container will execute database migrations and stop with exit code 0. After that the line can be commented out again. Then you can start kong with the given file.
When using IntelliJ IDEA with Spring Boot on a Mac make sure you have the entry
in your /etc/hosts file. Replace <hostname> with your Mac’s name. Also make sure that the result of the command ‘hostname’ is in your /etc/hosts file as well pointing to your local address.
After years of development Oracle has released Java 9. It is available to download from the Oracle page as usual. Here is the EOL message for Java 8:
End of Public Updates for Oracle JDK 8
Oracle will not post further updates of Java SE 8 to its public download sites for commercial use after September 2018. Customers who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions can get long term support through Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. For more information, and details on how to receive longer term support for Oracle JDK 8, please see the Oracle Java SE Support Roadmap.
In my former post i described a way how to create self signed SSL certificates with an own certificate authority. These certificates didn’t work in latest chrome versions so I updated my scripts to create valid certificates for chrome. This time I only create wildcard certificates because creating one for every subdomain was annoying.
if [ -e ca.key ]; then
echo "ca.key already exists"
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
-subj "/C=AT/ST=Vienna/L=Vienna/O=Coffeebeans/CN=Coffeebeans Domain Validation Secure Server CA/emailAddressemail@example.com"
if [ "star." == $NAME ]; then
echo "usage: $0 <domain.name>"
if [ -e $NAME.key ]; then
echo "$NAME.key already exists"
if [ ! -e ca.crt ]; then
echo "no ca certificate created"
[ dn ]
OU=Domain Control Validated
[ req_ext ]
[ alt_names ]
echo "$CONFIG" > config.txt
if [ ! -d ./ca ]; then
mkdir -p ./ca/newcerts
openssl genrsa -out $NAME.key 4096
openssl req -new -key $NAME.key -out $NAME.csr -config config.txt
openssl ca -create_serial -batch -in $NAME.csr -out $NAME.crt -config config.txt
rm -f *.csr config.txt
chmod 644 *.key *.crt
I also tried to use these certificates in postfix which did NOT work. To create files for postfix see my former post.
I tried to rim robo3t-1.1.1-linux-x86_64 downloaded from https://robomongo.org/ and got the following error when trying to run it:
This application failed to start because it could not find or load the Qt platform plugin "xcb"
Available platform plugins are: xcb.
Reinstalling the application may fix this problem.
Trying to install xcb via apt install xcb doesn’t change the behavior. Then I found a solution by removing all libstdc++* files from the lib directory in the extracted directory:
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Docker version 17.06.0-ce, build 02c1d87
I followed the steps under https://docs.openshift.org/latest/getting_started/administrators.html#downloading-the-binary and got the error in the title. To fix this you have to add “–exec-opt native.cgroupdriver=systemd” to ExecStart of docker. The best way to do this is to add a addin file /etc/systemd/system/docker.service.d/override.conf with following content:
ExecStart=/usr/bin/dockerd -H fd:// --exec-opt native.cgroupdriver=systemd
Then reload systemd and restart docker:
sudo systemctl daemon-reload
sudo systemctl restart docker